Static Egress SNAT IP for Kubernetes Workloads Using Project Antrea — Small Yet Super Useful

Project Antrea
The Environment
The Environment
sudo kubeadm init — apiserver-advertise-address 10.105.18.30 — pod-network-cidr 192.168.100.0/22 — cri-socket /run/containerd/containerd.sock — v=10 — service-cidr 172.30.0.0/16
kubectl apply -f https://github.com/antrea-io/antrea/releases/download/v1.2.0/antrea.yml
kubectl create ns antrea-test
kubectl create deploy antrea-test-app — image=quay.io/valex/wpcustom:v1 --replicas=2 -n antrea-test
Test App Pod Status
Test App Pod Status
Ping test from the Pod on Node-1
Ping test from the Pod on Node-1
TCP DUMP Output from the Workstation NIC
TCP DUMP Output from the Workstation NIC
Ping test from the Pod running on Node-2
Ping test from the Pod running on Node-2
TCP DUMP Output from the Workstation NIC
TCP DUMP Output from the Workstation NIC

Project Antrea Egress SNAT

Find Antrea Configmap Sample Output
Find Antrea Configmap Sample Output
Antrea Controller Config. segment
Antrea Controller Config. segment
Enable Egress in the Antrea Controller Config
Enable Egress in the Antrea Controller Config
Antrea Agent Config. segment
Antrea Agent Config. segment
Enable Egress in the Antrea Controller Config
Enable Egress in the Antrea Controller Config
kubectl delete -n kube-system pods -l app=antrea
$kubectl label  no k8santrean1 network-role=snat-origin$kubectl label  no k8santrean2 network-role=snat-origin
https://github.com/emailtovinod/antrea-snat-demo.git
kubectl create -f <externalippool_manifest.yaml>
https://github.com/emailtovinod/antrea-snat-demo.git
kubectl create -f <egress_manifest.yaml>
Ping test from the Pod running on Node-1
Ping test from the Pod running on Node-1
TCP DUMP Output on the Workstation
TCP DUMP Output on the Workstation
TCP DUMP Output on the Workstation
TCP DUMP Output on the Workstation
$ip a
antrea-egress interface in Node-1
antrea-egress interface in Node-1
antrea-egress interface in Node-2
antrea-egress interface in Node-2
kubectl label ns app-staging role=staging
https://github.com/emailtovinod/antrea-snat-demo.git
kubectl create -f <externalippool_manifest.yaml>
https://github.com/emailtovinod/antrea-snat-demo.git
kubectl create -f <egress_manifest.yaml>
Ping test from the Pod running on Node-1
Ping test from the Pod running on Node-1
TCP DUMP Output on the Workstation
TCP DUMP Output on the Workstation
Ping test from the Pod running on Node-2
Ping test from the Pod running on Node-2
TCP DUMP Output on the Workstation
TCP DUMP Output on the Workstation
antrea-egress interface in Node-1
antrea-egress interface in Node-1

Cloud Evangelist & Cloud-Native Architect